package hello;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().passwordEncoder(NoOpPasswordEncoder.getInstance())
                .withUser("admin1")
                .password("123456")
                .roles("Admin","Guest")//不能以"ROLE_"开头,不能写成"ROLE_Admin"
                .and()
                .withUser("admin2")
                .password("123456")
                .authorities("Dog","ROLE_cat")//authorities没有特殊的要求
                .and()
                .withUser("admin3")
                .password("123456")
                .roles("Admin","Guest")//不能以"ROLE_"开头,不能写成"ROLE_Admin"
                .authorities("Dog","ROLE_cat")//authorities没有特殊的要求
        ;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests()
                .antMatchers("/**").permitAll()//匹配规则是先配置的先匹配，一但匹配成功，不再向下匹配。如果"/**"配置在最前面,将起不到拦截作用。
                .and().formLogin()
                .and().logout()
                .and().csrf().disable();
    }
}